Bad signature (was: Re: GPG support in Mahogany)
Mon Dec 16 10:45:02 2002
Well, now it is my turn to apologise :-)
On Sun, 2002-12-15 at 06:22, Ingo Klöcker wrote:
> Yes, I didn't read the source code at all. But I also didn't make any
> wild accusations. I just compared what someone of the Evolution
> developers replied to Dave with what is said in RFC 3156. As you can
> read above the developer claimed that "the raw data as originally found
> in the mbox file" is fed to gpg. This would not be correct since the
> CRLF canonicalization is missing (or maybe you store all emails with
> CRLF in the mbox file, but that would be very unusual on a Unix
I now see how you reached your conclusion. I should have been more
precise I guess.
> > This is the kind of thing that I do not particularly appreciate.
> Well, I'm sorry that you misread my reply. And I'm glad that my
> hypothesis was wrong and that Evolution now seems to be compatible with
> KMail (after I fixed a bug in KMail).
good good :-)
> > > "Upon receipt of a signed message, an application MUST:
> > >
> > > (1) Convert line endings to the canonical <CR><LF> sequence
> > > before the signature can be verified. This is necessary since the
> > > local MTA may have converted to a local end of line convention.
> > we do.
> Good. But that's not what Dave was told.
> > > (2) Pass both the signed data and its associated content
> > > headers along with the OpenPGP signature to the signature
> > > verification service."
> > we do. Is there a reason you pasted this section of rfc3156? Or are
> > you just trying to be a smart-ass?
> I quoted this section because this section explains what a MUA has to do
> to verify an OpenPGP/MIME signature. And as Evolution had problems with
> verifying OpenPGP/MIME signed messages created by KMail I wanted to be
> sure that the error is in KMail and not in Evolution.
> This error stems from the fact that Evolution seems (another wild
> accusation ?) to strip off trailing spaces before it passes the signed
> stuff to gpg. Is this assumption correct? If not, then I'd like to know
> why else Evolution had problems to verify some of my messages (which
> contained trailing spaces) while now that KMail doesn't create any
> trailing spaces anymore Evolution doesn't seem to have any problems
Aha, it seems it does set the CANON_STRIP flag when verifying as well.
This should probably be considered a bug. I will send a patch in for
review right away.
We should only be using CANON_CRLF.
> > > Now I wonder whether the developers of Evolution forgot the
> > > <CR><LF> canonicalization or whether they only forgot to tell you
> > > about it.
> > Uh... we did not forget about it. We do perform CRLF canonicalisation
> > before passing it off to gpg. What makes you think that we don't? Is
> > there any valid proof? If there is, I would like to see it. If there
> > are situations in which our CRLF filter fails, I would like to know
> > about it so that I may fix it.
> > Please see
> > evolution/camel/camel-multipart-signed.c:camel_multipart_signed_sign()
> > for proof that we did it right.
> > > BTW, this message was created after applying a fix to KMail (now
> > > KMail encodes trailing spaces correctly). Is the signature now
> > > valid, Dave?
> > >
> > > Regards,
> > > Ingo
> > Ingo, next time you feel that Evolution is doing something
> > incorrectly - please be a man and come to me with the problem so that
> > I may look into it rather than you going off and spouting false
> > accusations. No one appreciates this, especially when they work hard
> > to make it fully compliant with all relevant specifications and
> > otherwise do the best they can do.
> Sorry, about that. We (the subscribers of the gnupg-users ml) just tried
> to find out why some of the members of gnupg-users had problems
> verifying the messages of other members. One reason turned out to be a
> bug in KMail and I'm glad that I could fix it.
seems there is also a bug in Evolution :-)
> I didn't want to give anyone the impression that Evolution is doing
> something wrong. I just noticed that what whoever told to Dave is not
> in accordance with the specs. And therefore I wanted to be sure that
> this person just didn't tell Dave the whole thing resp. that he omitted
> telling him an important detail (that's what I meant by "or they did
> omit an important detail"). My only fault is that I should have
> probably cc'ed my message to the evolution-developers mailing list
> (assuming that such a mailing list exists).
All is forgiven :-)
Evolution Hacker - Ximian, Inc.
firstname.lastname@example.org - www.ximian.com
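
Added example, not part of the original message and not Evolution's or KMail's code: it shows why CRLF canonicalization alone reproduces the signed bytes while additionally stripping trailing whitespace does not, which is the failure discussed in this thread. The function names and sample messages are constructed for illustration, and a SHA-256 digest stands in for the hash that the signature covers.

```python
import hashlib
import re


def canon_crlf(data: bytes) -> bytes:
    """Convert CRLF, bare CR and bare LF line endings to CRLF (RFC 3156 receipt step 1)."""
    return re.sub(rb"\r\n|\r|\n", b"\r\n", data)


def canon_crlf_strip(data: bytes) -> bytes:
    """CRLF conversion plus removal of trailing spaces and tabs on every line."""
    lines = canon_crlf(data).split(b"\r\n")
    return b"\r\n".join(line.rstrip(b" \t") for line in lines)


def local_copy(wire: bytes) -> bytes:
    """Simulate an MTA or mbox store that converts to the local LF convention."""
    return wire.replace(b"\r\n", b"\n")


def verify_input_matches(wire: bytes, canon) -> bool:
    """True if canonicalizing the local copy yields exactly the bytes that were signed."""
    signed_digest = hashlib.sha256(wire).digest()
    candidate_digest = hashlib.sha256(canon(local_copy(wire))).digest()
    return signed_digest == candidate_digest


# Constructed sample: a signed MIME part (content headers + body) with trailing spaces.
WITH_TRAILING_SPACES = (
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"Hello Dave, \r\n"   # trailing space after the comma
    b"-- \r\n"            # signature separator ends with a space
    b"Ingo\r\n"
)

# Constructed sample: the same part with no trailing whitespace on any line.
WITHOUT_TRAILING_SPACES = (
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"Hello Dave,\r\n"
    b"Ingo\r\n"
)

if __name__ == "__main__":
    for name, part in [("trailing spaces", WITH_TRAILING_SPACES),
                       ("no trailing spaces", WITHOUT_TRAILING_SPACES)]:
        print(name, "| CRLF only:", verify_input_matches(part, canon_crlf),
              "| CRLF + strip:", verify_input_matches(part, canon_crlf_strip))
```

The strip variant only fails on parts that actually contain trailing whitespace, which is why the problem disappeared once the sender stopped emitting it.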